package com.lh.lepay.config;

import com.lh.lepay.filter.JwtAuthenticationTokenFilter;
import com.lh.lepay.handle.AccessDeniedHandlerImpl;
import com.lh.lepay.handle.AuthenticationEntryPointImpl;
import jakarta.annotation.Resource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

/**
 * @author liuzongyi ~ Mr.Liu
 * @week 星期一
 * @address https://github.com/liu17y
 * @since 2024/6/10~~11:19
 */
@SuppressWarnings("all")// 忽略警告
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class SecurityConfig {
    @Resource
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
    @Resource
    private AccessDeniedHandlerImpl accessDeniedHandler;

    @Resource
    private AuthenticationEntryPointImpl authenticationEntryPoint;
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    @Bean
    public SecurityFilterChain securityWebFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf(csrf ->{
                    csrf.disable();
                })
                .sessionManagement(session ->{
                    session.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
                })
                .authorizeHttpRequests(register ->{
                    register.requestMatchers("/user/verificationCode").permitAll();
                    register.requestMatchers("/verifyCode/**").permitAll();
                    register.requestMatchers("/cs/**").permitAll();
                    register.requestMatchers("/ai/**").permitAll();
                    register.requestMatchers("/bill/**").permitAll();
                    register.requestMatchers("/role/**").permitAll();
                    register.requestMatchers("/qrcode/**").permitAll();
                    register.requestMatchers("/user/login").anonymous();
//                    register.requestMatchers("/hello2").anonymous();
                    register.anyRequest().authenticated();
                })
//                .cors(cors ->{
//                    cors.disable();
//                    //cors.configurationSource(corsConfigurationSource());
//                })
                .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);// 添加过滤器
        // 异常处理
        http.exceptionHandling(exception ->{
            exception.accessDeniedHandler(accessDeniedHandler);
            exception.authenticationEntryPoint(authenticationEntryPoint);
        });

        return http.build();
    }


    // 认证管理器
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
        return configuration.getAuthenticationManager();
    }





}
